Is there any reason to fear that an IT oversight committee would be little more than a Band-Aid for a lack of executive leadership? Wouldn't hiring CEOs who are more involved and more knowledgeable about technology solve the problem?
I don't think so. We are already getting people into the senior ranks who are more comfortable with IT and better understand it. Still, I think we have two problems. First, IT has not been incorporated and integrated into the educational programs of a lot of senior managers today. Second, today's world is a continuous-education world. It's not an industrial economy, where you went to a university, you were certified as an accountant or an engineer, and then experience would take you through your career with perhaps a couple of refresher courses. Today there is a continuous-education process.
Take the issue of Linux and open source. This revolutionary way of developing software surprised most of us. How could people around the world contribute to building the components of an operating system? How could an organization be dependent upon that kind of environment? If you try to understand open source with your old models you'll reject it; you wouldn't believe it could ever work. So you need to educate yourself and your organization to understand what open source is about and how it works. Major organizations need to have a dialogue today about it, and it can't be just a technical kind of presentation by the CIO or somebody in the IT organization.
So the IT oversight committee would combine the roles of management oversight, corporate IT strategy and tracker of emerging technologies?
The committee should get into the conversation about emerging technologies. It seems to me that we ought to have our CIOs see what is actually going on with Internet Two. It should also render judgments on the return on information. There's always a trade-off: Should we build a warehouse to serve customers better, or should we invest in an information system?
The oversight committee should also ask whether the organization is able to use the information technology to collaborate, or does information move up and down in a cumbersome way through stovepipes and filters. Also, many potential legal problems are lurking, from downloading music from the Internet to SCO Group's lawsuits over Linux. The committee should be alert so their companies don't fall into one of these black holes. Management doesn't like surprises. Finding that your legacy systems are a ticking time bomb that will blow in the next six months, and that you have to invest $300 million to save your systems, is the kind of surprise that blows out earnings and just ought not to happen.
Are we going too far with this idea of oversight committees? Are we taking a risk that they will micromanage IT?
That risk is very high. These conversations are not easy to have, so there is a tendency to degenerate into technical discussions. They aren't as hard to have as the really creative work of identifying strategic advantages and alternative architectures. It's important to have the right people at the board level, and to keep the term "oversight" in mind, because you're not in there operating, you're doing oversight.
That means, first of all, they must be aware of the danger of micromanaging. In teaching Financial Reporting and Management Control at the Harvard Business School, we tell potential CEOs to never, ever be out of the conversation. Your financial staff and their lawyers may be talking about off-balance-sheet financing, but if your eyes are glazing over, you're not doing your job. Okay, how do you stay in the conversation? Directors need to do their homework, so they can understand what's going on. Then they need to roll up the conversation to the highest level: Are we making money or not? What's causing us not to make money? What are the expenses' patterns?
And board members can't let the various technical peopleaccountants, IT people, etc.pull them too deep into their esoteric frameworks. Directors need to ensure that they have a framework of their own to understand the business. That way, they can stay in the conversation and ask all the questions good CEOs ask: Are there alternatives to this? What if we don't do this? What are the risks?